import angr
import sys
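def main():
    """Search the target binary for an input that makes it print "Good Job.".

    Loads ./02_angr_find_condition into angr, symbolically executes it from
    its entry point, and prints the stdin contents of the first state whose
    stdout contains the success marker. States whose stdout contains
    "Try again." are dropped from exploration.

    Raises:
        Exception: exploration finished without reaching a success state.
    """
    path_to_binary = "./02_angr_find_condition"
    # auto_load_libs=False keeps the binary's shared libraries out of the
    # analysis, so only the target's own code is explored symbolically.
    project = angr.Project(path_to_binary, auto_load_libs=False)
    initial_state = project.factory.entry_state()
    simulation = project.factory.simgr(initial_state)

    def is_successful(state: angr.SimState):
        """Return True when the state's stdout (fd 1) holds the success marker."""
        return b'Good Job.' in state.posix.dumps(1)

    def should_abort(state: angr.SimState):
        """Return True when the state's stdout (fd 1) holds the failure marker."""
        return b'Try again.' in state.posix.dumps(1)

    # Both conditions are predicates on program output rather than addresses,
    # so the script does not depend on where the messages live in the binary.
    simulation.explore(find=is_successful, avoid=should_abort)

    if not simulation.found:
        raise Exception('Could not find the solution')

    solution_state = simulation.found[0]
    # fd 0 is stdin: the concrete bytes the solver picked for this path.
    solution = solution_state.posix.dumps(0)
    # Solver-chosen bytes are not guaranteed to be valid UTF-8; escape any
    # that are not instead of losing a found solution to UnicodeDecodeError.
    printable = solution.decode(errors="backslashreplace")
    print("[+] Success! Solution is: {}".format(printable))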
# Run the solver only when executed as a script, not when imported.
if __name__ == "__main__":
    main()